Miscellanous questions about Wormhole Network

General Questions

  • What is Wormhole Network?

    Wormhole Network is a service that provides on-demand secure private networks, effectively creating a virtual LAN between your devices.

  • How is Wormhole Network better than my current VPN provider?

    Wormhole Network does not compare to VPN providers because it serves a totally different purpose. It does not provide private access to Internet, it provides a self-contained secure private network for internal communications between remote peers.

  • What is a Wormhole secure private network?

    It is an encrypted network that looks and works like a local network, but it's actually distributed.

  • I have created an account and I'm being prompted to create a Hub. What is a Hub?

    A Hub is the place where your secure private network will exist. You need to create a hub in one of the available locations in order to create your network. Once the hub has been created, your network will be also created. There's one network for each hub you create.

  • Why do I need to create Hub users once I've got a hub?

    Security is paramount for us; that's why we ask you to create users and passwords to authenticate any device joining your secure private network. You will need these credentials to connect to your secure private network.

  • What are the limits of the free account?

    There is no limit on the amount of traffic or devices you can connect to your free account.

    You can create one Hub on our shared servers.

  • Can I use Wormhole Network to access region-restricted services?

    Unfortunately that is not the main use case, but nothing stops you from adding a proxy or a router inside your network.

Clarifying the technical bits and bolts

Technical Questions

  • Do I need to open ports on my firewall?

    No. As long as you can access external SSL websites, Wormhole will just work.

  • What ports does Wormhole Network use?

    Wormhole Network works on port 443/TCP (outbound from your network) for both our website and to encapsulate the secure private network's traffic.

  • I'm not a network engineer. Do I need to configure any VPN settings?

    No, you don't need networking ninja skills. Everything is pre-configured and included on the provided configuration files. Feel free to take a peek!

  • Is all my trafic routed through Wormhole?

    No. Only traffic directed to other devices in your secure private network will be sent through Wormhole.

  • What operating systems are supported?

    We support Windows, Linux and Mac OS X. Ideally you would be running the latest versions of each.

  • What performance should I expect?

    Throughput depends on too many factors to be able to pinpoint a number, but our servers should be able to move traffic in the hundreds of Mbps ballpark. Keep in mind that the servers on the free and bronze plans are shared, so a noisy neighbour might reduce your available throughput and increase your latency.

    On most deployments, there will be a slight latency increase over direct (and insecure) connections that should not impact your applications. This is due to our current architecture.

  • What server should I choose to deploy my secure private network?

    You should choose the server that is geographically closest to the devices that will connect to your network. We show you the location and provider for each of our servers so you can make the right choice.

For the security-minded folk

Security Questions

  • How secure is a secure private network?

    Every secure private network is encrypted using AES256, including those created on the free plan.

  • What is your logging policy?

    We keep audit logs from operational changes and we also keep a login/logout log for every Hub. If you need to get hold of your login/logout logs, please get in touch.

    These logs are archived after a certain amount of time, so retrieving very old logs could take us a few days.

  • Can Wormhole Network's staff peek into our encrypted traffic?

    No. We only can see aggregate traffic data (i.e. bytes in / bytes out).

    The software supports packet monitor functions, but these are not enabled nor offered as an extra service at the moment.

  • Is your software secure?

    We use the already available SoftEther VPN, which is open source software. You can take a look at its Security Model.

  • What is your security model?

    We have servers deployed on different datacenters around the world, that are actually the central servers to any secure private network created. These servers are reachable on a variety of ports as supported by SoftEther, but our system creates config files to use port 443/TCP to make sure Wormhole works on as many sites as possible.

    When the agent is deployed with our provided configuration files, an SSL connection will be established to the central server where your secure private network has been created and you will receive an IP address from your dedicated DHCP server instance. In order to make sure Wormhole works on as many places as possible, this IP address will be in the 100.64.0.0/24 range. Every other device joining this network will have layer 2 and upwards visibility over the network.

    The agent creates a virtual interface on your machine, so reaching other machines in the network is as transparent as possible for you and your applications.

    As all the connections from your devices to the central servers are outbound, there's no need to expose any ports on your real network for your machines to be reachable through a Wormhole network.

    All our customer's passwords are securely stored.

    We do not roll-out our own crypto.

  • Warrant Canary

    We have never been requested to provide any data from our customers.